CVE-2025-30650

EUVD-2025-209320 | HIGH | 8.4 (CVSS 4.0) | 2026-04-08 | juniper

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Amber
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Apr 08, 2026 - 19:31 (vuln.today)
EUVD ID Assigned: Apr 08, 2026 - 19:31 (euvd), EUVD-2025-209320
CVE Published: Apr 08, 2026 - 17:26 (nvd), HIGH 8.4

Description

A Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to line cards running Junos OS Evolved as root. This issue affects systems running Junos OS using Linux-based line cards.

Affected line cards include:

* MPC7, MPC8, MPC9, MPC10, MPC11
* LC2101, LC2103
* LC480, LC4800, LC9600
* MX304 (built-in FPC)
* MX-SPC3
* SRX5K-SPC3
* EX9200-40XS
* FPC3-PTX-U2, FPC3-PTX-U3
* FPC3-SFF-PTX
* LC1101, LC1102, LC1104, LC1105

This issue affects Junos OS:

* all versions before 22.4R3-S8,
* from 23.2 before 23.2R2-S6,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2,
* from 25.2 before 25.2R2.

Analysis

Privilege escalation in Juniper Networks Junos OS allows high-privileged local attackers to gain root access on Linux-based line cards running Junos OS Evolved. Missing authentication in critical command processing functions enables authenticated administrators with elevated privileges to bypass access controls and execute commands as root on affected hardware modules including MPC7-11, LC2101/2103, LC480/4800/9600, MX304 built-in FPC, MX-SPC3, SRX5K-SPC3, EX9200-40XS, and PTX-series line cards. No public exploit identified at time of analysis.

Technical Context

A CWE-306 authentication bypass in the command processing subsystem permits privileged local users to interact with Linux-based forwarding plane cards without proper credential verification. The attack requires local access with high privileges (CVSS PR:H) and exploits missing authentication controls in the inter-process communication channels between the control plane (Junos OS) and the data plane components (Junos OS Evolved on line cards).

Affected Products

Juniper Networks Junos OS (cpe:2.3:a:juniper_networks:junos_os). Versions: all releases before 22.4R3-S8; 23.2 before 23.2R2-S6; 23.4 before 23.4R2-S6; 24.2 before 24.2R2-S3; 24.4 before 24.4R2; 25.2 before 25.2R2. Requires Linux-based line cards: MPC7/8/9/10/11, LC2101/2103, LC480/4800/9600, MX304 FPC, MX-SPC3, SRX5K-SPC3, EX9200-40XS, FPC3-PTX-U2/U3, FPC3-SFF-PTX, LC1101/1102/1104/1105.

Remediation

Vendor-released patches: upgrade to Junos OS 22.4R3-S8, 23.2R2-S6, 23.4R2-S6, 24.2R2-S3, 24.4R2, or 25.2R2 depending on active release train. Prioritize systems with affected Linux-based line cards listed in affected products. Implement least-privilege access controls to limit high-privilege local account usage until patching completes. Monitor administrative session logs for anomalous command execution on forwarding plane components. Apply role-based access restrictions to reduce attack surface from privileged accounts. Official advisory: https://supportportal.juniper.net/JSA107863 and https://kb.juniper.net/JSA107863. Security research context: https://github.com/orangecertcc/security-research/security/advisories/GHSA-fwhc-gh5m-v8fq
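A triage sketch for the version ranges and line-card list above, added here as an example and not taken from the Juniper advisory or from vuln.today. The function names, the sample hostnames and the MPC5 card are constructed for illustration; the parser assumes standard "YY.NRx[-Sy][.spin]" release strings and reports any train the advisory does not name as "unlisted" rather than guessing.

```python
import re

# Line cards and fixed releases copied from the advisory text above.
AFFECTED_CARDS = {
    "MPC7", "MPC8", "MPC9", "MPC10", "MPC11", "LC2101", "LC2103", "LC480",
    "LC4800", "LC9600", "MX304", "MX-SPC3", "SRX5K-SPC3", "EX9200-40XS",
    "FPC3-PTX-U2", "FPC3-PTX-U3", "FPC3-SFF-PTX",
    "LC1101", "LC1102", "LC1104", "LC1105",
}
FLOOR = ((22, 4), (3, 8))  # "all versions before 22.4R3-S8"
FIXED = {(23, 2): (2, 6), (23, 4): (2, 6), (24, 2): (2, 3),
         (24, 4): (2, 0), (25, 2): (2, 0)}  # train -> first fixed (R, S)

# Assumption: only standard R releases are handled; the spin suffix is ignored.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Return ((major, minor), (R, S)) for a Junos release string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    major, minor, rel, svc = (int(g or 0) for g in m.groups())
    return (major, minor), (rel, svc)


def classify(version):
    """'affected', 'fixed', or 'unlisted' (train not named in the advisory)."""
    train, rel = parse(version)
    if train <= FLOOR[0]:
        return "affected" if (train, rel) < FLOOR else "fixed"
    if train in FIXED:
        return "affected" if rel < FIXED[train] else "fixed"
    return "unlisted"


def triage(inventory):
    """Map host -> status; hosts with no listed line card are out of scope."""
    return {host: classify(ver) if AFFECTED_CARDS & set(cards)
            else "no-affected-card" for host, ver, cards in inventory}


# Constructed inventory: hostnames, versions and card sets are sample data.
SAMPLE = [("edge-1", "22.4R3-S7", ["MPC10"]),
          ("edge-2", "23.4R2-S6.3", ["MPC7", "MPC5"]),
          ("core-1", "23.1R2", ["LC9600"]),
          ("lab-1", "21.2R3-S4", ["MPC5"])]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(host, status)
```

Hosts reported as "unlisted" run a release train the advisory text does not mention and need a manual check against the vendor advisory.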

Priority Score

42 (KEV: 0, EPSS: +0.0, CVSS: +42, POC: 0)
